Storage-medium processing method, a storage-medium processing apparatus, and a storage-medium processing program

ABSTRACT

Spread of a forged storage medium is prevented suppressing an authentic storage medium&#39;s damage and trouble of a owner to the minimum. When there is an update request of user key data, the update history of the user key data concerning the shown above-mentioned medium identifier IDm is referred to. When judged that the update of the user key data concerning the shown medium identifier IDm not being performed within a predetermined period, the update of user key data is performed. The request of a update is refused when judged that the update of the user key data concerning the shown medium identifier IDm being performed within a predetermined period.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation application of and claims the benefitof priority under 35 U.S.C. §120 for U.S. Ser. No. 11/570,074, filedJan. 30, 2007, which is a National Stage application ofPCT/JP2005/010477, filed Jun. 8, 2005 and claims benefit of priorityunder 35 U.S.C. §119 from JP 2004-178432, filed Jun. 16, 2004, theentire contents of each of which are incorporated herein by reference.

FIELD OF THE INVENTION

The present invention relates to a storage-medium processing method, asystem, and a program, which enables a user terminal to acquire contentdata from a license center apparatus, by online-connecting a storagemedium with a double key encryption scheme via the user terminal to thelicense center apparatus.

BACKGROUND OF THE INVENTION

In recent years, with development of information society, a content datadistribution system is widely used. In this system, the content dataincluding electronic data such as a book, newspaper, music, or an movingpictures, is distributed to a user terminal, which enables browsing ofcontent data in the user terminal.

However, since electric content data (heretofore, it is referred to as“content data”) can be copied easily, the electronic content data tendsto induce illegal acts that disregard copyright. From a viewpoint ofprotecting content data from such an illegal act, content data isencrypted and recorded by the encryption key and is usually decoded atthe time of reproducing.

Content data protection technologies like this include CPRM (ContentProtection for Prerecorded Media) which uses a standardized encryptionkey scheme in SD audio, SD video, SD E-e-Publish (SD computer-assistedpublishing) or the like (for example, refer to nonpatent literature 1).The encryption-key scheme adapted in this nonpatent literature 1 is anencryption single key scheme which enciphers a title key with a mediumunique key. On the other hand, the encryption double key scheme in whichthe content key is doubly encrypted with the user key and the mediumunique key is known (for example, refer to nonpatent literature 2). Thiskind of encryption double key scheme is used in MQbic (registeredtrademark), for example.

FIG. 10 is a schematic diagram showing the configuration of the SD cardand a user terminal corresponding to the encryption double key schemeadopted in Mqbic. A SD card SDq is an example of a secure storage mediumwhich securely stores data. The SD card SDq has a system area 1, ahidden area 2, a protection area 3, a user data area 4, and anencryption/decryption unit 5, and the data is stored in each area 1-4.

In a SD card SDq like this, key management information MKB (Media KeyBlock) and the medium identifier IDm are stored in the system area 1.The medium unique key Kmu is stored in the hidden area 2. The encrypteduser key Enc (Kmu, Ku) is stored in the protection area 3, and theencrypted content key data Enc (Ku, Kc) is stored in the user data area4. The expression of Enc (A, B) means the data B encrypted with data Ain this specification. Here, the user key Ku is encryption/decryptionkey to the content key Kc, and is used in common also to two or moreencrypted content key data Enc (Ku, Kc1), Enc (Ku, Kc2) . . . .Moreover, the subscript q of The SD card SDq denotes that it conforms toMQbic (registered trademark).

Here, the system area 1 is a read-only area which can be accessed fromoutside of the SD card. The hidden area 2 is a read-only area that theSD card itself refers to, and cannot be accessed at all from external.The protection area 3 is an area in which data read and write ispossible from external of the SD card when authentication isaccomplished.

The user data area 4 is an area in which read/writing is freely possiblefrom outside of the SD card. The encryption/decryption unit 5 performsauthentication, key exchanging, and cryptography, and has a function ofencryption/decryption.

The user terminal 10 q for reproducing operates logically as follows tosuch the SD card SDq. That is, the user terminal 10 q, performs MKBprocessing of the key management information MKB read from the systemarea 1 of the SD card SDq with the device key Kd set up beforehand(ST1), to obtain a medium key Km. Next, the user terminal 10 q carriesout the hash processing of both the medium key Km and the mediumidentifier IDm read from the system area 1 of the SD card SDq (ST2), andobtains the medium unique key Kmu.

Thereafter, the user terminal 10 q performs, based on the medium uniquekey Kmu, an authentication process and a key exchanging process (AKE:Authentication Key Exchange) with the decryption/encryption unit 5 ofthe SD card SDq, to share a session key with the SD card SDq (ST3).

Note that the authentication and key exchanging process in the step ST3succeeds when the medium unique key Kmu in the hidden area 2 referred toat the decryption/encryption unit 5 coincides with the medium unique keyKmu generated by the user terminal 10 q, thereby the session key Ksbeing shared.

Then, the user terminal 10 q reads out the encrypted user key Enc (Kmu,Ku) from the protection area 3, through a cipher communication using thesession key Ks (ST4). This results in the encrypted user key Enc (Kmu,Ku) being decrypted by the medium unique key Kmu (ST5). Then, the userkey Ku will be obtained.

Finally, when the encrypted content key Enc (Ku, Kc) is read from theuser data area 4 of the SD card SDq, the user terminal 10 q carries outthe decryption processing of the encrypted content key Enc (Ku, Kc) withthe user key Ku to obtain a content key Kc (ST5 q). Finally, when theencrypted content data Enc (Kc, C) is read from Memory 11 q, the userterminal 10 q performs the decryption processing of the encryptedcontent data Enc (Kc, C) with the content key Kc (ST6). Thereby, theuser terminal 10 q reproduces the obtained content data C.

Note that although the above-mentioned example stores encrypted contentdata in the memory 11 q of the user terminal 10 q, it may be stored inthe external storage medium.

The above-mentioned encryption double key scheme stores encryptedcontent key data at the user data area 4 having a large memorycapacitance compared to the protection area 3. Therefore, it has anadvantage in that it can store a lot of encrypted content key datacompared to encryption single key scheme.

Moreover, since the encryption double key scheme may store encryptedcontent data in the SD card, it may urge the distribution of encryptedcontent data.

Furthermore, in the encryption double key scheme, the medium identifieras an identifier is given to each SD card, and a unique user key isissued per medium identifier. This user key is also encrypted and storedin the protection area (protected area) of an SD card. Encryption of theuser key depends on the medium identifier, and the user key can bedecoded only with a authentic player. For this reason, content datacannot be acquired even if a trespasser copies only a content keyunjustly from a user data area.

DISCLOSURE OF THE INVENTION Problem to be Solved

About the SD card, the existence of forged SD cards (forged storagemedium) has been confirmed, and it is an pressing issue to prevent thespread or diffusion thereof. The main reason why such forged SD cardsexist is, that some manufacturers given a license of the SD cardcommitted injustice behind the scenes. There is a good chance thatHundreds of forged SD cards with the same medium identifier may bedistributed.

Some of the owners of a forged SD card may be malicious, and the othermay be ignorant (purchased it not recognizing it as forgery, and usesit). A forged card problem may be solved, by re-issuing a card givenanother medium identifier to the owner having an authentic card with thesame medium identifier.

However, if counterfeit cards spread widely, and it explodes into asituation that clone SD cards having copied up to the user key or thelike, may be diffused in the markets, it may be a serious issue. A cloneSD card herein means a SD card in which everything, such as an MKB(Media Key Block), a medium identifier, a medium unique key, anencrypted user key, an encrypted content key or the like is the same asthe authentic SD card. That is, when the owner of a clone SD cardaccesses a license center and acquires content data, accounting thereofis charged to the authentic SD card which has the same ID etc.

Therefore, it is important to prevent an usage of a forged SD card asmuch as possible for a legitimate operation of the system.

SUMMARY OF THE INVENTION

A storage medium processing method according to the invention uses astorage medium and a user terminal. The storage medium stores mediumidentifier data, medium unique key data enabled to be generated based onthe medium identifier data, encrypted user key data in which user keydata is encrypted so that it may be decrypted using the medium uniquekey data, and encrypted content key data in which content key data isencrypted so that it may be decrypted using the user key data. The userterminal to which the storage medium is able to be connected retainsencrypted content data in which content data is encrypted so that it maybe decrypted using the content key data. The user terminal connected tothe storage medium is enabled to access to a license center to obtainvarious kinds of data. The method comprises: a update requesting step inwhich the user terminal requests to the license center a update of theuser key data in the storage medium submitting the medium identifierdata; a update history reference step in which the license center refersto a update history of the user key data concerning to the mediumidentifier data submitted in the update requesting step; an updateexecuting step in which the license center performs the update of theuser key data based on the update request from the user terminal when itis judged that the update of the user key data concerning the submittedmedium identifier data has not been performed within a predeterminedperiod; and an update refusal step in which the license center refusesthe update request from the user terminal when it is judged that theupdate of the user key data concerning the submitted medium identifierdata has been performed within a predetermined period.

A storage medium processing device according to the invention isconnected to a storage medium which stores medium identifier data,medium unique key data enabled to be generated based on the mediumidentifier data, encrypted user key data in which user key data isencrypted so that it may be decrypted using the medium unique key data,and encrypted content key data in which content key data is encrypted sothat it may be decrypted using the user key data, and performs dataprocessing of the storage medium via a user terminal retaining encryptedcontent data in which content data is encrypted so that it may bedecrypted using the content key data.

The device comprises: a key delivery server which receives the updaterequest of the user key data accompanied by submission of the mediumidentifier data from the user terminal, publishes new user key data whenit is judged that the update request is proper, and transmits the userkey data to the user terminal; and an update history database retaininga update history of the user key data per the medium identifier data,wherein the key delivery server, referring to the update historydatabase, performs the update of the user key data based on the updaterequest from the user terminal, when it is judged that the update of theuser key data concerning the submitted medium identifier data has notbeen performed within a predetermined period, and refuses the updaterequest from the user terminal when it is judged that the update of theuser key data concerning the submitted medium identifier data has beenperformed within a predetermined period.

A storage medium processing program according to the invention uses astorage medium and a user terminal. The storage medium stores mediumidentifier data, medium unique key data enabled to be generated based onthe medium identifier data, encrypted user key data in which user keydata is encrypted so that it may be decrypted using the medium uniquekey data, and encrypted content key data in which content key data isencrypted so that it may be decrypted using the user key data. The userterminal to which the storage medium can be connected retains encryptedcontent data in which content data is encrypted so that it may bedecrypted using the content key data. And the user terminal connected tothe storage medium is enabled to access to a license center to obtainvarious kinds of data. The program is configured to perform: a updaterequesting step in which the user terminal requests to the licensecenter a update of the user key data in the storage medium submittingthe medium identifier data; a update history reference step in which thelicense center refers to a update history of the user key dataconcerning to the medium identifier data submitted in the updaterequesting step; an update executing step in which the license centerperforms the update of the user key data based on the update requestfrom the user terminal when it is judged that the update of the user keydata concerning the submitted medium identifier data has not beenperformed within a predetermined period; and an update refusal step inwhich the license center refuses the update request from the userterminal when it is judged that the update of the user key dataconcerning the submitted medium identifier data has been performedwithin a predetermined period.

The Advantage of the Invention

According to this invention, in order to continuously use a storagemedium, when the owner of a storage medium transmits the update requestof user key data to a license center, medium identifier data issubmitted from a user terminal. The license center refers to the updatehistory of the user key data concerning the shown medium identifierdata.

When it is judged that the update of the user key data concerning thesubmitted medium identifier data has not been performed within apredetermined period, the update of the user key data is performed. Onthe other hand, the update request is refused, when it is judged thatthe update of the user key data concerning the submitted mediumidentifier data has been performed within a predetermined period.

Thereby, for example, when the owner of a forged storage medium requeststhe update of user key data later than the owner of an authentic storagemedium, the update request is refused and the forged storage mediumbecomes impossible to be continuously used as a storage medium due tothe expiry term.

On the other hand, the owner of an authentic storage medium can beprotected, even if he or she requests the update of the user key laterthan the owner of a forged storage medium. In that case, he or she canreceive a confirmation of user registration data or the like thereafter,and receive a storage medium which has another piece of mediumidentifier data assigned.

Therefore, according to the present invention, spread of forged storagemedia can be prevented, while suppressing damages and labors of ownersof an authentic storage medium to the minimum.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a diagram showing the configuration of the storage-mediumprocessing system according to one embodiment of the present invention;

FIG. 2 explains a procedure in which a SD card acquires a content keythrough the user terminal;

FIG. 3 explains a procedure for updating the user key;

FIG. 4 is a flow chart explaining the case where an update with the samemedium identifier has been performed within a predetermined period;

FIG. 5 illustrates changes in the stored data in a SD card before andafter an update.

FIG. 6 is a flow chart explaining the case where an update with the samemedium identifier has been done within a predetermined period;

FIG. 7 illustrates changes in the stored data in a SD card before andafter an update;

FIG. 8 illustrates changes of the user key data before and after anupdate;

FIG. 9 is a flowchart explaining the process for when a registereduser's mailed SD card is a forged SD card; and

FIG. 10 is a diagram showing both the configuration of the SD cardcorresponding to the encryption double key scheme conventionally adoptedin MQbic and a user terminal.

DETAILED DESCRIPTION

Hereafter, embodiments of the present invention will now be describedwith reference to the drawings. FIG. 1 is a diagram showing theconfiguration of the storage-medium processing system relating to theembodiment of the present invention.

The same numerals are given to the same parts as FIG. 10, and detailedexplanation is omitted for these parts. Different parts are hereaftermainly described.

Specifically, in the system of this embodiment, a user terminal 20,holding a SD card SDq freely attachable and detachable therein, isenabled to communicate through a network 30 to the license center unit40.

The user terminal 20 is equipped with a memory 21, a download unit 22, aSD card processing unit 23, and a control unit 25. For a user terminal20, any arbitrary device may be used, if it is an electronic instrumentholding a SD card SDq attachable and detachable therein, such as apersonal computer, a portable cellular phone, or a portable informationterminal (personal digital assistant).

The memory 21 is a memory area which may be read and written fromanother unit 22-25. For example, the encrypted content data Enc (Kc, C)is stored therein.

The download unit 22 is controlled by the control unit 25, and it has afunction of downloading the encrypted content key data Enc (Ku, Kc) andnew user key Kun from the license center unit 40. For example, browsersoftware or the like may be used therefor. The SD card processing unit23 is controlled by the control unit 25, and has a function ofauthentication, a cipher communication, and reading/writing data storedin each of the areas 1, 3, and 4. The control unit 25 has usual computerfunctions and a function of controlling each of the unit 21-24 accordingto operation of a user.

The license center unit 40 comprises a key delivery server 41, a mediumidentifier database 42, a user key database 43, a expiry term database44, an update history database 45, a content key database 46, anauthenticated content ID database 47, and a user registration database48.

The key delivery server 41 receives from the user terminal 20 through anetwork 30 a request of transmitting a content key.

In this case, after experiencing a certain authentication process, thekey delivery server 41 has a function of returning to the user terminal20 through a network 30 new content key data concerning the request.

Moreover, when a user key update request is received from the userterminal 20 through the network 30, the key delivery server 41 accessesthe various databases 42, 44 and 45 or the like to judge the proprietyof the request. When judged that the request is proper, it has afunction of generating new user key data, and returning the new user keydata or the like via the network 30 to the user terminal 20.

Furthermore, when judged that the request is not proper, the keydelivery server 41 serves to answer that a generation of new user keydata is refused.

The medium key database 42 holds data of the medium identifier IDm whicheach SD card has. The user key database 43 is for storing the user keywhich each SD card has, and user key which the key delivery server 41newly generated corresponding to the user key update request.

The expiry term database 44 holds data about the term of expiry of theuser key Ku which each SD card holds.

The update history database 45 holds update history data of the user keyKu of the SD card SDq in relation to the medium identifier IDm whicheach SD card SDq has.

The content key database 46 holds various content key data.

The authenticated content ID database 47 holds data of the content keydata issued according to the request of an SD card owner, in relation tothe medium identifier IDm of the SD card.

The user registration database 48 holds data about user registrationwhich the SD card owner performed by showing own individual data (his orher address, name, or telephone number, etc).

By conducting a user registration, an owner of an authentic SD card canhave a protection, such as receiving a new storage medium assignedanother piece of medium identifier data, even if an owner of a forged SDcard performs the update of a user key or the like beforehand, asdescribed later.

The security module 51 is a unit that performs encryption/decryptionprocessing of the user key Ku and the content key Kc, and is equippedwith a management key obtaining unit 52, and a key encryption managementunit 53.

The management key obtaining unit 52 holds the management key readablefrom the key delivery server 41.

The key encryption management unit 53 has a function of receiving asetup of a management key by the key delivery server 41, decoding theencrypted user key for management and the encrypted content key formanagement respectively, which are received from the key delivery server41 based on the management key to obtain a user key and a content key,encrypting the content key and basic metadata with the user key, andtransmitting to the delivery server 41 the encrypted content key (withbasic metadata included therein) obtained and (additional) metadata suchas a purchase date or the like.

Next, a storage-medium processing method conducted by the storage-mediumprocessing system constituted as mentioned above is explained, usingFIG. 2 or 9. An obtaining process of a content key is described firstand the updating of a user key is explained thereafter.

(An Obtaining Process of a Content Key)

The procedure of obtaining a content key by the SD card SDq through theuser terminal 20 is explained with reference to FIG. 2. In the userterminal 20, the control unit 25 starts the download unit 22 accordingto the operation of a user, and as shown in FIG. 2, it checks that thedownload unit 22 has already purchased or finished accounting about acontent key in advance (ST11). If the purchase has not been finished,the user terminal 20 performs purchase and settlement processing of acontent key with the license center unit 40, and changes the content keyinto the status purchase or the accounting has finished.

Subsequently, the download unit 22 transmits a request of transmittingan encrypted content key to be obtained and metadata to the key deliveryserver 41 (ST12). Note that this request of transmitting contains atleast the content ID corresponding to the encrypted content key, and themedium identifier IDm of the SD card SDq.

If the key delivery server 41 receives this request of transmitting, itreads from the user key database 43 the encrypted user key formanagement stored in advance for every medium identifier IDm (ST13), andreads the encrypted content key and basic metadata (the content ID, thetitle, the producer, and others) for management which were stored inadvance for every content ID from the content key database 46 (ST14).

Thereafter, the key delivery server 41 reads the management key from themanagement key obtaining unit 52, and sets this management key in thekey encryption management unit 53 (ST16), and transmits the request ofencrypting the content key to the key encryption management unit 53(ST17). Note that this encryption request contains the encrypted userkey for management, the encrypted content key for management, and thebasic metadata.

Based on the management key, the key encryption management unit 53decodes the encrypted user key for management, and the encrypted contentkey for management, respectively, and obtains a user key and a contentkey. Thereafter, the key encryption management unit 53 transmits to thekey delivery server 41 the encrypted content key (with basic metadataincluded therein) and metadata (it is additional) such as an purchasedate, which were obtained by encrypting a content key and basic metadatawith user key (ST18).

The key delivery server 41 reads the additional metadata (ST19), andgenerates a SOAP (Simple Object Access Protocol) message containing theencrypted content key and the metadata for example (ST20). And ittransmits the encrypted content key and metadata to the user terminal 20by the SOAP message (ST21). Note that the SOAP message is an example ofa message scheme. It is needless to say that it may be changed intoother schemes.

In the user terminal 20, the download unit 22 which received the simpleobject access protocol message transmits the request of storing anencrypted content key to the SD card processing unit 23. Note that therequest of storing the encrypted content key contains only the encryptedcontent key out of the encrypted content key and the metadata. The SDcard processing unit 23 writes this encrypted content key in the userdata area 4 of the SD card SDq. Moreover, the download unit 22 saves themetadata that was not sent out to the SD card processing unit 23 (ST23).This ends an obtaining process of a content key.

(Updating Process of a User Key)

Next, the Procedure of the update of a user key is explained based onFIG. 3. In the user terminal 20, the control unit 25 starts the SD cardprocessing unit 23 and the download unit 22 according to an operation ofa user. The SD card processing unit 23 reads the medium identifier IDmof the SD card SDq from the system area 1 for the update request of auser key (ST30), and generates the random number R1 (ST31). This randomnumber R1 is generated for authentication under challenge response usinga common-key-encryption scheme, and for generation of a session key, inorder to perform secure communication between the user terminal 20 andthe license center unit 40.

Subsequently, the download unit 22 transmits the update request of theuser key Ku to the key delivery server 41 (ST32). This update requestcontains the medium identifier IDm of the SD card SDq, the old user keydata Kuo which is an object of an update, and the generated randomnumber R1.

When the key delivery server 41 receives this transmission request, itrefers to the update history database 45 for a update history by themedium identifier IDm as described later (ST33). If there is no updatewithin a predetermined period, it will shift to the following step ST34.The case where an update is within a predetermined period will bementioned later.

In ST34, the encrypted user key Kuo for management is read from the userkey database 43, and the new user key data Kun in which the expiry termhas been updated is generated based on this user key data Kuo.

Note that in this specification, a symbol Kuo shall be given to the olduser key data Ku before an update, among user keys Ku, and Kun shall begiven to the new user key data Ku after an update. Moreover, the lengthof the expiry term after an update can be variously changed according tosituations.

Usually, it may be the same as the length of the expiry term before anupdate. However, in special cases such as suspension of services in thelicense center because of certain situations, the expiry term may bemade into a sufficiently long period, or the expiry term itself may beremoved. The new user key data Kun is saved in the user key database 43with this medium identifier IDm (ST35).

Then, the key delivery server 41 generates a random number R2 (ST36).Subsequently, the key delivery server 41 generates the session key Ksusing the random number R1 received from the SD card processing unit 23,this random number R2, and the secret information K1 and K2 as a commonencryption key (ST37).

The key delivery server 41 encrypts the new user key Kun using thisgenerated session key Ks (ST38), and transmits the encrypted user keydata Kun using the simple object access protocol message with the randomnumber R2 to the SD card processing unit 23 through the download unit 25(ST39).

The SD card processing unit 23 generates the session key Ks from therandom number R1, R2, the secret information K1, and K2 (ST40), anddecodes the encrypted user key Kun with the session key Ks (ST41). Thedecrypted user key Kun is again encrypted by the SD card processing unit23 using the medium unique key Kmu, and is written in the protectionarea 4 of the SD card SDq (ST42). This ends the updating of the user keyKu.

FIG. 4 explains the detail of the above-mentioned step ST33 includingthe case where it is judged that the update by the same mediumidentifier IDm is made within a predetermined period, as a result of areference to the update history database 45. When the key deliveryserver 41 receives an update request with the medium identifier IDm andthe old user key Kuo (S51), it refers to the update history database 45for the update history of the user key Ku accompanied by presentationfor the medium identifier Idm (S52).

Note that the update request of the user key Ks is performed when theuser himself performs an update procedure spontaneously. Other casesinclude a case where the license center or the like detects the expiryterm and an update procedure is automatically performed by a program.

As a result of a reference, when judged that the update has not beencarried out within a predetermined period, a new user key Kun isre-issued (generated), and finally encrypts and writes it in theprotection area 3 of the SD card SDq (S54).

In the authenticated content ID database 47, instead of the content keyEnc (Kuo, Kcselli) encrypted by the old user key Kuo and saved therein,the content key Enc (Kun, Kcselli) encrypted with the new user key Kunis generated (refer to ST55 and FIG. 5), although it is not explained inFIG. 2. This encrypted content key Enc (Kun, Kcselli) is transmitted tothe SD card processing unit 23 of the user terminal 20 with theencrypted new user key Kun, for example in ST39 of FIG. 2.

On the other hand, when judged that the update has been carried outwithin a predetermined period in ST53, the key delivery server 41informs that the update of the user key Ku by the same medium identifierIDm has already been carried out, and that the update of the user key Kucannot be received immediately. It also asks the user (registered user)who is registering as a user to mail an SD card on hand (ST56). Aprocess of mailed the SD card is mentioned later.

About reference step ST33 of the above-mentioned update history database45, detailed procedure is explained with reference to FIG. 6, which isdifferent from FIG. 4.

ST51′-ST53′ and ST56′ are the same as that of ST51-ST53 of FIG. 4, andST56.

New user key data Kun is re-issued in ST54′ in the example of this FIG.6. At this time, however, the whole user key data Ku is not rewritten.The key data Kum itself is kept unchanged, and only management metadata(data about the expiry term or the like is included) is rewritten (referto FIG. 7 and FIG. 8).

Thereby, different from the case of the procedure of FIG. 4, it isunnecessary to perform a process of generating a content key Enc (Kun,Kcselli) encrypted by a new user key Kun instead of the content key Enc(Kuo, Kcselli) encrypted by the old user key Kuo and saved (ST55), and aburden of the system is reduced.

(Processing of the Mailed SD Card)

When a registered user's mailed SD card is not forgery but an authenticSD card, the authentic SD card which has another medium identifier isreturned. As described above, the owner of an authentic SD card can beprotected irrespective of an existence of a forged SD card owner bybeing registered as a user.

A process performed when a registered user's mailed SD card is a forgedSD card, is explained with reference to the flowchart of FIG. 9.

When the license center receives the mailed forged SD card with providedinformation such as the purchase path and time thereof (S61), thelicense center deletes a user key and a content key of the forged SDcard (S62), publishes at the user's cost an authentic SD card with a newuser key and a new content key written therein (S63).

The new medium identifier, a user key, and a content key of theauthentic SD card, are stored in the databases 42, 43, and 46 (S64).Then, this new authentic SD card and the forged SD card are returned toa user (S65). It reports to the user that various keys has been deletedin the forged SD card and it is impossible to receive a contentdistribution service (MQbic services).

Note that the process described in each of above-mentioned embodimentscan be implemented by a program which can make a computer perform theprocess. The program can be stored in a storage medium, such as magneticdisks (a floppy (registered trademark) disk, a hard disk, etc.), anoptical disk (CD-ROM, DVD etc.), a magneto-optical disk (MO), and asemiconductor memory.

Moreover, as this storage medium, scheme for storing may be of any type,as long as it is a storage medium enabled to store a program, readableby a computer.

Moreover, operating system (OS) working on a computer based on anindication of the program installed in the computer from the storagemedium, a database management software, and a middleware such as networksoftware, can implement part of the processes for realizing theembodiments.

Furthermore, the storage medium in the present invention is not limitedto the medium that is independent of a computer. It may be a storagemedium that downloads the program transmitted by a local area network(LAN) or the Internet, etc., and stores or temporarily stores it.

Moreover, a storage medium is not limited to a single one. When theprocesses in the embodiments are performed by a plurality of media, themedia are included in the storage medium according to the presentinvention. In addition, the medium configuration may be any type.

Note that a computer in the present invention is configured to performeach process in the embodiments based on a program stored in a storagemedium. It may have any configurations. For example, it may be a singledevice such as a personal computer, or a system having a plurality ofnetwork-connected computers.

Moreover, a computer in the present invention is not limited to apersonal computer, but includes a operation processing device includedin a information processing device, and a microcomputer. It includesdevices or apparatuses that can realize the function of the presentinvention by a program.

Furthermore, in the above-described embodiments, the update history bythe medium identifier shown at the time of the update request isreferred. As addition to this, it is possible to refer to the mediumidentifier shown in the user registration database 48, and when thematching user registration does not exist, the update of a user key maybe refused.

Note that the present invention is not limited to the above-describedembodiments themselves. In a practice phase, their components can bemodified and embodied, as long as it does not depart from the spiritthereof. Moreover, merging two or more proper components indicated bythe above-mentioned embodiments can form various inventions. Forexample, some components may be deleted from all the components shown inthe embodiments. Furthermore, the components employed in differentembodiments may be combined suitably.

AN EXPLANATION OF SYMBOLS

-   SDq . . . an SD card-   1 . . . a system area-   2 . . . a hidden area-   3 . . . a protection area-   4 . . . a user data area,-   5 . . . a encryption/decryption unit-   20 . . . a user terminal-   21 . . . a memory-   22 . . . a download unit-   23 . . . a SD card processing unit-   25 . . . a control unit-   40 . . . a license center unit,-   41 . . . a key delivery server-   42 . . . a medium key database-   43 . . . a user key database-   44 . . . a expiry term database-   45 . . . a update history database-   46 . . . a management key obtaining unit-   47 . . . . The authenticated content ID database-   51 . . . . The security module-   52 . . . a management key obtaining unit-   53 . . . a key encryption management unit

What is claimed is:
 1. A storage medium processing method for a storagemedium and a user terminal, the storage medium being configured to storemedium identifier data, medium unique key data generated based on themedium identifier data, user key data encrypted so that the user keydata is decrypted using the medium unique key data, and content key dataencrypted so that the content key data is decrypted using the user keydata; the method comprising: retaining, at the user terminal, contentdata encrypted so that the content data is decrypted using the contentkey data, the user terminal being connected to the storage medium;requesting, at the user terminal to a license center, an update of boththe user key data and an expiration term of the user key data from thelicense center by submitting the medium identifier data to the licensecenter; accessing, at the license center, an update history of the userkey data corresponding to the submitted medium identifier data;updating, at the license center, the user key data based on an updaterequest, which includes an old user key, from the user terminal inresponse to an update of the user key data corresponding to thesubmitted medium identifier data having not been last performed within apredetermined period; refusing, at the license center, the updaterequest, which includes the old user key, from the user terminal inresponse to the update of the user key data corresponding to thesubmitted medium identifier data having last been performed within apredetermined period, and reporting a refusal of the update request. 2.The storage medium processing method according to claim 1, furthercomprising displaying a message requesting a mailing of the storagemedium after a refusal of the update request.
 3. The storage mediumprocessing method according to claim 1, wherein the updating of the userkey data further includes generating new encrypted content key data byencrypting the content key data using updated user key data.
 4. Thestorage medium processing method according to claim 1, wherein the userkey data contains data of a key body, and management metadata formanaging the user key data, and the license center retains an originalkey body, and only updates the management metadata.
 5. A storage mediumprocessing device comprising: a hardware memory connected to the storagemedium processing device and configured to store medium identifier data,medium unique key data generated based on the medium identifier data,user key data encrypted so that the user key data is decrypted using themedium unique key data, and content key data encrypted so that thecontent key data is decrypted using the user key data; circuitryconfigured to process data of the hardware memory via a user terminalthat stores content data encrypted so that the encrypted content data isdecrypted using the content key data; an update history databaseconfigured to retain an update history of the user key data associatedwith the medium identifier data; and a key delivery hardware serverconfigured to: receive an update request from the user terminal toupdate both the user key data and an expiration term of the user keydata, the update request being accompanied by the medium identifierdata, update the user key data and publish new user key data when theupdate request, which includes an old user key, is proper, the keydelivery hardware server referring to the update history database anddetermining that the update request is proper in response to an updateof the user key data corresponding to submitted medium identifier datahaving not been last performed within a predetermined period, the newuser key data being transmitted to the user terminal, and refuse theupdate request, which includes the old user key, in response to theupdate of the user key data corresponding to submitted medium identifierdata having last been performed within a predetermined period, andreport a refusal of the update request.
 6. The storage medium processingdevice according to claim 5, wherein the key delivery hardware server isconfigured to display a message requesting a mailing of the hardwarememory after a refusal by the key delivery hardware server to update theuser key data.
 7. The storage medium processing device according toclaim 5, further comprising a user key database configured to retain theuser key data, wherein the key delivery hardware server rewrites theuser key data stored in the user key database when performing the updateof the user key data.
 8. The storage medium processing device accordingto claim 5, wherein the key delivery hardware server generates, whenupdating the user key data, new encrypted content key data by encryptingthe content key data using the new user key data.
 9. The storage mediumprocessing device according to claim 5, wherein the user key datacontains data of a key body, and management metadata for managing theuser key data, and the key delivery hardware server retains, whenexecuting an update of the user key data, an original key body, andupdates only the management metadata.
 10. A non-transitory computerreadable storage medium storing computer readable instructions thereonthat when executed by a user terminal cause the user terminal to performa method, wherein the storage medium stores medium identifier data,medium unique key data generated based on the medium identifier data,user key data encrypted so that the user key data is decrypted using themedium unique key data, and content key data encrypted so that thecontent key data is decrypted using the user key data; the methodcomprising: retaining, at a user terminal connected to the storagemedium, content data encrypted so that the content data is decryptedusing the content key data; obtaining various kinds of data from alicense center; requesting both an update of the user key data and anexpiration term of the user key data from the license center bysubmitting the medium identifier data to the license center; referringto an update history of the user key data corresponding to the submittedmedium identifier data; updating the user key data based on an updaterequest, which includes an old user key, from the user terminal, inresponse to an update of the user key data corresponding to thesubmitted medium identifier data having not been last performed within apredetermined period; and refusing the update request, which includesthe old user key, from the user terminal in response to the update ofthe user key data corresponding to the submitted medium identifier datahaving last been performed within a predetermined period, and reportinga refusal of the update request.
 11. The non-transitory computerreadable storage medium according to claim 10, further comprising:displaying a message requesting a mailing of the storage medium after arefusal of the update request.